CVE-2024-11136 HIGH

CVE-2024-11136: Arbitrary file removal via path traversal in TCL Camera

Vendor Tcl
Product Camera
Weakness CWE-35
Published November 14, 2024
Last update November 14, 2024

CVSS base score

8.2/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N

What the vulnerability does

01Description

The default TCL Camera application exposes a provider vulnerable to path traversal vulnerability. Malicious application can supply malicious URI path and delete arbitrary files from user’s external storage.

Key dates

02Disclosure timeline

November 14, 2024 CVE published
November 14, 2024 Record updated